Test hybrid build: 1. kaniko, 2. docker

2929bfd3 · Bengt Giger · 221d9aef · 2929bfd3 · 2929bfd3 · 2929bfd3
Commit 2929bfd3 authored 2 weeks ago by Bengt Giger
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -15,16 +15,32 @@ nomyst:
    name: push-to-gitlab-project-registry
 myst:
-  extends: .build_with_kaniko
+  # extends: .build_with_kaniko
  stage: build-myst
  rules:
    - if: '$CI_COMMIT_TAG == "stable"'
      when: never
    - if: '$CI_COMMIT_TAG != null'
      when: always
-  variables:
+  tags:
-    DOCKERFILE: Dockerfile.myst
+    - docker
-    BUILDTITLE: build-myst
+  script:
-    KANIKO_CACHE_ARGS: "--cache=false"
+    - echo -n $CI_JOB_TOKEN | docker login -u gitlab-ci-token --password-stdin $CI_REGISTRY
+    - echo Building version $CI_COMMIT_TAG
+    - docker pull $CI_REGISTRY_IMAGE:latest || true
+    - >
+      docker build
+      --pull
+      --build-arg http_proxy=$http_proxy
+      --build-arg https_proxy=$https_proxy
+      --build-arg no_proxy=$no_proxy
+      --build-arg VCS_REF=$CI_COMMIT_SHA
+      --build-arg VCS_URL=$CI_PROJECT_URL
+      --build-arg VCS_TAG=$CI_COMMIT_TAG
+      --cache-from $CI_REGISTRY_IMAGE:latest
+      --tag $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME
+      --file Dockerfile.myst
+      .
+    - docker push $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME
  environment:
    name: push-to-gitlab-project-registry
--- a/.gitlab-ci_docker.yml
+++ b/.gitlab-ci_docker.yml
+image: docker:20.10.14-dind
+stages:
+  - build
+  - push
+.docker-script-before: &docker-script-before
+  # docker login asks for the password to be passed through stdin for security
+  # we use $CI_JOB_TOKEN here which is a special token provided by GitLab
+  - echo -n $CI_JOB_TOKEN | docker login -u gitlab-ci-token --password-stdin $CI_REGISTRY
+Build tag:
+  # Build for a tag: write the tag, so the app can read and display the version
+  before_script:
+    - *docker-script-before
+  stage: build
+  tags:
+    - docker
+    - large
+  only:
+    - tags
+  script:
+    - echo Building version $CI_COMMIT_TAG
+    # fetches the latest image (not failing if image is not found)
+    - docker pull $CI_REGISTRY_IMAGE:latest || true
+    # builds the project, passing proxy variables, and vcs vars for LABEL
+    # notice the cache-from, which is going to use the image we just pulled locally
+    # the built image is tagged locally with the commit SHA, and then pushed to
+    # the GitLab registry
+    - >
+      docker build
+      --pull
+      --build-arg http_proxy=$http_proxy
+      --build-arg https_proxy=$https_proxy
+      --build-arg no_proxy=$no_proxy
+      --build-arg VCS_REF=$CI_COMMIT_SHA
+      --build-arg VCS_URL=$CI_PROJECT_URL
+      --build-arg VCS_TAG=$CI_COMMIT_TAG
+      --cache-from $CI_REGISTRY_IMAGE:latest
+      --tag $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
+      .
+    - docker push $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
+Build docker image:
+  before_script:
+    - *docker-script-before
+  stage: build
+  tags:
+    - docker
+    - large
+  except:
+    - tags
+  script:
+    # fetches the latest image (not failing if image is not found)
+    - docker pull $CI_REGISTRY_IMAGE:latest || true
+    # builds the project, passing proxy variables, and vcs vars for LABEL
+    # notice the cache-from, which is going to use the image we just pulled locally
+    # the built image is tagged locally with the commit SHA, and then pushed to
+    # the GitLab registry
+    - >
+      docker build
+      --pull
+      --build-arg http_proxy=$http_proxy
+      --build-arg https_proxy=$https_proxy
+      --build-arg no_proxy=$no_proxy
+      --build-arg VCS_REF=$CI_COMMIT_SHA
+      --build-arg VCS_URL=$CI_PROJECT_URL
+      --build-arg VCS_TAG=$CI_COMMIT_SHORT_SHA
+      --cache-from $CI_REGISTRY_IMAGE:latest
+      --tag $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
+      .
+    - docker push $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
+# Here, the goal is to tag the "master" branch as "latest"
+Push latest image:
+  before_script:
+    - *docker-script-before
+  needs:
+    - Build docker image
+  variables:
+    # We are just playing with Docker here.
+    # We do not need GitLab to clone the source code.
+    GIT_STRATEGY: none
+  stage: push
+  tags:
+    - docker
+    - large
+  only:
+    # Only "master" should be tagged "latest"
+    - master
+  script:
+    # Because we have no guarantee that this job will be picked up by the same runner
+    # that built the image in the previous step, we pull it again locally
+    - docker pull $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
+    # Then we tag it "latest"
+    - docker tag $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA $CI_REGISTRY_IMAGE:latest
+    # Annnd we push it.
+    - docker push $CI_REGISTRY_IMAGE:latest
+# Every other branch
+Push branch image:
+  before_script:
+    - *docker-script-before
+  needs:
+    - Build docker image
+  variables:
+    # We are just playing with Docker here.
+    # We do not need GitLab to clone the source code.
+    GIT_STRATEGY: none
+  stage: push
+  tags:
+    - docker
+    - large
+  except:
+    - master
+    - tags
+  script:
+    # Because we have no guarantee that this job will be picked up by the same runner
+    # that built the image in the previous step, we pull it again locally
+    - docker pull $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
+    # Then we tag it with the branch name
+    - docker tag $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME
+    # And we push it.
+    - docker push $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME
+# Finally, the goal here is to Docker tag any Git tag
+# GitLab will start a new pipeline everytime a Git tag is created, which is pretty awesome
+Push tag image:
+  before_script:
+    - *docker-script-before
+  needs:
+    - Build tag
+  variables:
+    # Again, we do not need the source code here. Just playing with Docker.
+    GIT_STRATEGY: none
+  stage: push
+  tags:
+    - docker
+    - large
+  only:
+    # We want this job to be run on tags only.
+    - tags
+  script:
+    - docker pull $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
+    - docker tag $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME
+    - docker push $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME
--- a/.gitlab-ci_kaniko.yml
+++ b/.gitlab-ci_kaniko.yml
+include: ".gitlab-ci-common.yml"
+stages:
+  - build-nomyst
+  - build-myst
+nomyst:
+  extends: .build_with_kaniko
+  stage: build-nomyst
+  variables:
+    DOCKERFILE: Dockerfile
+    BUILDTITLE: build-nomyst
+    TAG_EXT: "-noMyST"
+  environment:
+    name: push-to-gitlab-project-registry
+myst:
+  extends: .build_with_kaniko
+  stage: build-myst
+  rules:
+    - if: '$CI_COMMIT_TAG == "stable"'
+      when: never
+    - if: '$CI_COMMIT_TAG != null'
+      when: always
+  variables:
+    DOCKERFILE: Dockerfile.myst
+    BUILDTITLE: build-myst
+    KANIKO_CACHE_ARGS: "--cache=false"
+  environment:
+    name: push-to-gitlab-project-registry